TLOMA Today

It is with immense gratitude and excitement that I sit down to write my very first President’s message to you. It wasn’t too long ago that I was selected to be the Education Coordinator in 2023 and at the time, I was fairly new to TLOMA (and my role in HR). Having no idea what to expect, I nervously navigated my way through (fake it ‘til you make it!) I quickly realized how many members had long standing friendships and bonds and strong opinions! I felt like an outsider and certainly too green to have strong opinions on anything (the Board will laugh at this now)!

In an effort to make the most of my membership, I pushed myself out of my comfort zone and reached out to members (cold emails, yikes!) I was very lucky that of all the members I reached out to, I received kindness, patience and guidance and where they couldn’t help, or didn’t have time to help – steered me towards others who could. Over time I met others like me and through a mix of newer and more experienced members, began to make bonds of my own.

This community who answered the countless emails, calls, questions big or small – thank you! To those who encouraged me to continue on in my TLOMA journey, who trusted me with this big opportunity - a big thank you to you as well!

My reason for sharing this with you today is that for our newer members (or perhaps those who have taken a back seat lately), I hope you feel inspired to reach out to the TLOMA community because I guarantee you will be pleasantly surprised at who reaches back and what you both personally and professionally will get from it. Family and friends notice my confidence growth from TLOMA and the lessons learned which I will hold dearly, forever. Take a chance - we are here for you!

Thank You

I will be reaching out to all personally because there is just too much to say but a big thank you to our outgoing Board members: Pat Carrano, 2025 Past President; Farzad Boreyri, 2025 Treasurer; Michelle Bilboe, 2025 Conference Chair, as well as our outgoing SIG leaders Paul (Chuck) White, 2025 Facilities SIG Leader and Anthony Belmonte, 2025 HR SIG Leader (incoming Vice President) – thank you for all of your tremendous contributions. We wish you much success in your future endeavours and look forward to your continued participation in TLOMA.

To our returning Board members: Louise McNeely, 2025 President (2026 Past President); Nour Salman, 2025 & 2026 Communication Coordinator and Sulai Chan, 2025 & 2026 Education Coordinator. I cannot wait to work with you all again for another fantastic year!

Karen & Courtenay – the BIGGEST thank you of all. Our successes, our growth, our reputation – Karen and Courtenay are the heart of TLOMA, we truly would be lost without you both!

Introductions

To our incoming Board members: Anthony Belmonte, 2026 Vice President; Parminder Gill, 2026 Treasurer; Amanda Hinsperger, 2026 Conference Chair, as well as our incoming SIG leaders: MaryAnn Joseph, Human Resources SIG Leader and Rachael Woodward, Operations SIG Leader.

We cannot wait to see you thrive!

Sneak Preview

The mission statement this year for TLOMA will be community – both growing and building. More details to follow.

In addition, we have great events coming your way in 2026. Timely and informational SIGs, spring and summer networking events, as well as our conference. To stay up to date, please check the TLOMA Events Page regularly for updates and to register.

Reaching Out

As your President, I relish hearing your ideas and feedback. Reach out anytime by email: aisaacson@sherrardkuzz.com or by phone: 416-603-6239.

Signing off and manifesting some warmth by the time the next issue hits your inbox!

Your firm just invested in new practice management software. The implementation went smoothly and training sessions are now complete. But three senior partners still refuse to log in and actually use it. They're sticking with their paper files and spreadsheets, forcing their assistants to enter the same information twice: once in the old system for the partners, and again in the new software for everyone else.

Sound familiar?

According to Canadian Lawyer Mag, technology resistance is a top challenge law firm managers face when rolling out new systems. But this pushback is rarely due to stubbornness or even generational differences (although it can and does happen). And it's almost never because lawyers hate efficiency.

Many Ontario lawyers resist technology for legitimate reasons that you can overcome with the right approach. This guide will help you understand why your lawyers push back, provide practical strategies to reduce friction, and show you how to create lasting and positive change. Let's start by looking at what's really driving that resistance.

So Why Aren’t Some Lawyers Using the New Tech Solutions?

Before you can change a behaviour, you need to understand what's driving it. Lawyers don't normally resist technology because they're difficult or out of touch; they do it because they believe the costs - real or perceived - outweigh the benefits in their minds. Here are five possible reasons why some lawyers at your firm may be hesitant about new tech solutions.

1. Time Constraints

Most lawyers bill by the hour, and learning new software takes time, even after preliminary training. Every minute spent watching tutorials or mastering a new interface is a minute they can't bill to clients. The math is simple: If a partner bills $500 per hour and spends four hours learning new software, that's $2,000 in lost revenue. Multiply that across your firm, and you can see why partners hesitate.

2. Risk Aversion

Law school trains you to spot risks. Consequently, lawyers spend their careers identifying what could go wrong. When you introduce new technology, some may immediately think: “What if there's a data breach? What if this violates our obligations to clients? What if the Law Society audits us and finds problems?”

These aren't baseless fears. Law firms handle sensitive information every day and a single security lapse can destroy a practice. When lawyers raise confidentiality concerns, they're doing what they're trained to do: protect clients and the firm.

3. Earlier Negative Experiences

Many lawyers have lived through terrible technology rollouts. Perhaps your firm implemented billing software that crashed during the month-end, causing chaos. When you announce the next big technology change, they're remembering the last disaster. If your current system works (even if it's inefficient), they will cling to it. They know its quirks and built workarounds, so why trade a known quantity for an unknown risk?

4. Comfort With New Technology

Yes, some older lawyers are less comfortable with technology. It’s not necessarily due to age. Plenty of senior partners have adopted smartphones, cloud storage, and video conferencing as easily as their colleagues. Meanwhile, some younger associates can resist change if they've already developed their own systems. A 65-year-old partner who's frustrated with paper filing will embrace change faster than a 30-year-old associate who's happy with their spreadsheets and doesn’t want to master a whole new way of doing things.

5. Loss of Control and Autonomy

Most lawyers value independence, especially in smaller firms. They decide how they want to manage their files and interact with clients. When firm management announces mandatory new software, that independence is compromised. It's not always about the technology itself: it's an issue of not wanting to be told what to do. This is especially true for partners who see themselves as business owners, not employees.

The Solution? Prevent Resistance in the First Place

Most technology failures happen before the software is even installed. This means that you can't fix resistance after the fact - you need to prevent it. Here's how to set yourself up for success before you roll out anything new.

Involve Lawyers in the Selection Process Early

Form a technology committee with representatives from different practice groups. Include partners, associates, and support staff.  It’s also a good idea to conduct surveys to understand what the lawyers dislike about your current systems. What takes too much time? What causes errors? What makes them want to throw their computer out the window? When they see their pain points addressed in the new system, they're more likely to give it a chance.

Emphasize Compliance With Lawyer Priorities

IT departments talk about features, but lawyers care about results. Stop leading with "robust cloud-based infrastructure" and start with "you'll save 30 minutes per day on timekeeping." In other words, translate every feature into a benefit they actually want. For example:

• "Automated conflict checks" becomes "catch conflicts before they become Law Society complaints."
• "Mobile access" becomes "review documents from court without calling your assistant."
• "Integrated billing" becomes "get invoices out faster and improve your collection rate."

When the advantages are clearer, you’re less likely to encounter resistance. And if you do, it’s much easier to address and overcome.

Phase the Rollout Thoughtfully

Don't flip a switch and force the entire firm onto new software on the same day. When possible, start with one practice group or office location as a pilot and introduce the basic features first. Once everyone is comfortable with core functions, introduce advanced capabilities. Once they've mastered the new software or platform, these colleagues can help you implement it across other practice areas.

If possible, allow parallel systems temporarily. Yes, this creates extra work. But some lawyers need time to transition. Set a clear sunset date—maybe 60 or 90 days—when the old system shuts down completely. This gives people a safety net without letting them avoid change forever.

Make Support Easily Accessible

Create a dedicated Slack channel or Teams chat for quick questions. Someone should monitor it during business hours and respond fast. Consider having "office hours" where an IT person or super-user sits in the lunch room or library, available for drop-in help.

Make it clear that asking questions is encouraged. Some lawyers will feel embarrassed that they can't figure something out. Counter this by having partners and senior lawyers publicly ask questions. If the managing partner says "I couldn't figure out how to do X, can someone help?" it gives everyone else permission to do the same.

From Resistance to Adoption

Most resistance dissolves once the lawyers in question see tangible benefits in their daily practice. They may never acknowledge that the transition was worthwhile, but six months later, try asking them if they still prefer the old system and watch the reaction. That's when you'll know the change has truly taken root.

I talk a lot with my clients about building relationships—not brokering transactions. But for many lawyers we coach, there’s a consistent tension: “I don’t want to seem like I’m just reaching out to get work” or “It feels awkward to check in without something to offer.” Add to that the time and energy crunch of daily legal practice, and maintaining connections outside of active files often slides to the bottom of the list.

Here’s the thing: relationships that are only maintained during active work aren’t really relationships. They’re collaborations of convenience. If you’re looking to build a practice that’s resilient, fulfilling, and aligned with your values and goals, investing in your relationships before you need them is one of the most high-leverage actions you can take.

Why This Matters More Than You Think

Your reputation and reach in the legal world aren’t shaped solely by your results—they’re shaped by the relationships you maintain. When you build real relationships with your clients and referral sources, you’re no longer a name in a list. You’re a trusted voice in their ear. Someone whose name is in the room, even when you’re not.

That doesn’t happen by accident. And it doesn’t require a big, flashy strategy. It requires intention.

Try This: Small Shifts to Build Real Relationships

If you’re not sure how to start—or restart—here are three low-lift, high-impact actions to try this month:

1. Send a “Saw This, Thought of You” Note: Find an article, podcast, or update that connects with a past conversation or interest. Send it with a short message—no ask, just connection.
2. Book a 20-Minute Catch-Up: Not lunch. Not a two-hour commitment. Just a quick call to check in, hear what they’re working on, and share what’s new for you.
3. Make It a Habit: Block 30 minutes in your calendar each week to reach out to one client or referral source. That’s it. Consistency builds familiarity—and trust.

The best business development doesn’t feel like business development. It feels like staying connected to people you care about and who care about you. And that’s a practice worth cultivating.

Most legal leaders agree that artificial intelligence has the potential to deliver meaningful value. The challenge is less about ambition and more about execution. Many firms struggle to translate high-level AI strategies into practical action, particularly when data has been accumulating across systems, offices and jurisdictions for decades. The scale of the task can feel daunting. Yet progress does not require perfection. What it does require is a clear, structured approach to information governance that prepares data for responsible and effective AI use.

The starting point for any AI-ready governance programme is understanding the current state. Firms need visibility into what information they hold, where it resides, how long it has been retained and whether it aligns with internal policies and external obligations. This assessment phase often exposes gaps between perception and reality. Data that was assumed to be managed may be fragmented across repositories, retained far beyond its useful life or stored without consistent controls. Establishing this baseline is essential, not only for risk management, but also for determining whether data is suitable for AI applications.

For many firms, however, knowing where to start is the biggest obstacle. Governance initiatives frequently stall due to uncertainty around ownership, competing priorities or the sheer complexity of legacy environments. Rather than attempting to solve everything at once, firms benefit from a phased, practical approach. To help move from intent to execution, a five-step process can be used to build a realistic information governance strategy and plan. This approach breaks governance into manageable stages, clarifies accountability and creates a foundation that supports long-term AI readiness.

Step One: Establish Governance Ownership

Effective information governance begins with clear ownership. Firms need a defined governance structure that brings together legal, risk, compliance, IT and business leadership. In a Canadian context, this often includes close coordination between privacy officers, records management teams and senior legal leadership to ensure alignment with federal and provincial privacy requirements, as well as client obligations.

A governance committee or steering group provides oversight, sets priorities and resolves conflicts between departments. Just as importantly, it creates a forum for consistent decision-making. Without this structure, governance initiatives tend to become siloed or overly technical, limiting their impact. Clear sponsorship and accountability signal that governance is a business priority, not simply an IT project.

Step Two: Gain Visibility into the Data Landscape

Once ownership is established, firms must develop a clear picture of their data environment. This includes identifying all repositories where information is stored, from document and practice management systems to email, collaboration platforms, archives and legacy applications. Shadow data—content stored outside approved systems—also needs to be identified, as it often carries heightened risk.

Visibility goes beyond location. Firms need to understand what types of data they hold, including client work product, personal information, financial records and administrative content. In Canada, where privacy legislation places strong emphasis on purpose limitation and data minimisation, this step is particularly important. Data that cannot be clearly justified is difficult to govern and risky to expose to AI tools.

This discovery phase provides the insight needed to prioritise action. It highlights high-risk areas, redundant content and data that may no longer serve a business or legal purpose.

Step Three: Align Policy with Operational Reality

With a clearer understanding of the data landscape, firms can focus on policy alignment. Many organisations already have retention schedules and governance policies in place, but these are often outdated or inconsistently applied. Policies that exist only on paper do little to reduce risk or support AI readiness.

Retention and classification rules must reflect how the firm actually operates. This includes defining clear retention triggers, handling exceptions and accounting for client-specific requirements such as outside-counsel guidelines. Inconsistent application creates uncertainty and undermines confidence in the data.

For AI initiatives, policy alignment is critical. AI systems rely on predictable data lifecycles and consistent classification. Without this, firms risk training or deploying AI tools on data that is inaccurate, incomplete or non-compliant.

Step Four: Build Secure and Integrated Foundations

Once policies are defined, firms can begin operationalising governance. This involves applying rules within systems, centralising controls where possible and ensuring consistent access management across repositories. Fragmented environments increase risk and make it difficult to monitor how data is used.

Integrated systems create clearer data pathways and support auditability—both of which are essential for AI oversight. Firms need to be able to demonstrate not only that data is governed, but how decisions are made, how access is controlled and how issues are addressed.

At this stage, technology plays a supporting role. Tools that automate classification, retention and reporting help reduce manual effort and improve consistency. They also provide the transparency required to assess whether data is suitable for AI use.

Step Five: Execute Disposition and Enable Ongoing Review

One of the most challenging aspects of governance is disposition. Legal professionals are naturally cautious about deleting information, yet over-retention increases risk and cost. A structured decision-making process, supported by governance oversight, helps move disposition forward responsibly.

Execution should be phased and measurable. Firms often start with data sets that have clear eligibility for disposition, delivering early results and building confidence. Secure destruction—both physical and digital—ensures that policy decisions translate into real risk reduction.

Governance does not end here. Continuous review is essential. Regulations evolve, client expectations change and AI capabilities advance rapidly. Regular audits, policy reviews and updates ensure the governance framework remains relevant and effective.

Positioning for Responsible AI Adoption

With a strong governance framework in place, firms are better positioned to introduce AI in controlled and defensible ways. Early use cases such as document summarisation, clause extraction and classification support can deliver value while remaining manageable. Critically, firms can monitor outputs, assess accuracy and maintain transparency.

AI should never operate as a black box. Governance provides the structure needed to oversee AI tools, manage risk and maintain trust with clients and regulators. In a Canadian legal environment that places a premium on accountability and privacy, this oversight is essential.

From Framework to Advantage

Execution is where strategy delivers results. Firms that understand their data, govern it consistently and apply AI thoughtfully are better equipped to manage risk, control costs and respond to client expectations. Building an AI-ready information governance framework is not a one-time project. It is an ongoing discipline that supports innovation while protecting the firm and its clients.

With the right structure, commitment and phased approach, the path from governance strategy to AI-enabled execution is clear—and achievable.

A Discussion of Cosentino v Octapharma Inc., 2024 HRTO 860

Last month, we summarized the dos and don’ts for an employer to accommodate. Given that many workplaces are implementing full-time return to office mandates, this article explores the potential human rights considerations employers should be aware of.

The intersection between the employer’s duty to accommodate and return to work (RTW) mandates was recently explored in the Human Rights Tribunal of Ontario decision of Cosentino v Octapharma Canada Inc., 2024 HRTO 860 (“Octapharma”). This decision considered whether an employer’s implementation of in-person work constituted discrimination based on family-status, as well as reprisal, in light of an employee’s accommodation request for remote work.

Background

In Octapharma, an employee (Cosentino) requested accommodation (i.e. flexible work hours and the ability to work remotely) due to new caregiving obligations for her mother undergoing cancer treatment and for her son attending virtual school. These requests were made in August 2020; at this time and before the start of COVID-19, most employees at Octapharma worked remotely.

The employer initially accommodated the employee by providing flexibility in working hours to facilitate medical appointments. Cosentino was transparent about her schedule and was readily available via phone for remote meetings. However, in September 2020, the employer issued a PIP to the employee, despite the performance concerns not being unique to Cosentino (i.e. sales were low overall). On October 21^st, the employer informed Cosentino her work location would personally change from being remote to in-office. Due to her mother’s worsening health and the second COVID wave underway, Cosentino requested to continue remote work under a family status accommodation.

Cosentino and the general manager (“GM”) discussed the employee’s accommodations in a phone call on October 23^rd. The GM framed the change of work location as a business need, dismissed the employee’s concerns as “COVID nonsense,” and failed to inquire about her caregiving obligations, hybrid options, or alternative supports.

Between October 27^th and December 3^rd, the employee chose to continue working remotely. In this period, the GM ceased communications with the employee. Further, Cosentino’s vacation request was denied, she was told she would not be presenting at a conference that had been a part of her role previously, nor would the company pay for her to attend another conference, despite having done so annually. On December 3^rd, the employee was terminated.

Decision

The Tribunal found that the employer discriminated against the employee based on family status considering the change in working conditions, failure to accommodate her, and ultimately, termination.

The Tribunal noted Octapharma initially accommodated Cosentino by allowing a flexible work schedule. However, once it implemented the return-to-office in October, the employer refused to adjust its own policies and requirements in considering Cosentino’s second accommodation request. As such, while a “perfect accommodation” is not necessary, the Tribunal determined the employer failed to meet its procedural and substantive duty to accommodate after October 21^st through:

• Failing to fully inquire about the potential accommodations needs
• Failing to suggest any alternate accommodations (e.g. mixture of remote and in-office work)
• Stopping communication with the employee after October 2020

The Tribunal further found that Octapharma engaged in reprisal through the following conduct:

• Implementing a PIP
• Dismissive comments made by the GM during the October 23rd call about accommodations with Cosentino
• Ceasing or very limited communication between the GM/management and Cosentino
• Change in treatment of employee as compared to past practices (vacation request process, conference attendance and registration fees)
• Termination of the employee

Based on the above, the Tribunal ordered Octapharma to pay Cosentino $105,000 in damages: $80,000 for lost compensation (wages, benefits, bonuses) and $25,000 of general damages for injury to her dignity, feelings and self-respect. The higher general damages award was granted due to the employer’s conduct causing the employee heightened anxiety, sleep difficulties, and diminished self-worth – all while caring for her terminally ill parent during the pandemic’s uncertain early months.

Considerations for Employers

Octapharma reaffirms the need for employers to engage openly with employees seeking accommodations. Employers have the right to mandate a full-time RTW policy. Employees are permitted to request accommodations as necessary, including in response to RTW mandates. As such, employees have a duty to inquire about these accommodation requests by creating a dialogue with employees by asking about the nature of their restrictions, exploring alternate work arrangements, and the availability of additional supports.

Octapharma further cautions against employers relying primarily on ‘business needs’ to justify denying legitimate workplace accommodations, as this rationale may not withstand scrutiny in human rights law. The failure to accommodate can attract significant damages if a discriminatory termination is established.

Most importantly, many attacks don’t involve technical hacking at all. They begin with something deceptively simple: a convincing email, a compromised login, or a vendor account that wasn’t properly secured.

In those cases, firm size offers little protection.

How cyber incidents actually happen in law firms

Cyber incidents are often imagined as dramatic system failures or large-scale breaches. In practice, many unfold quietly and quickly.

Common scenarios include:

•   A staff member clicking on a phishing email that appears to come from a colleague or client
•    A compromised email account being used to redirect payments or request sensitive document
•   A ransomware attack that encrypts shared drives and case files
•   A former employee retaining access to cloud systems
•   A third-party vendor being breached, exposing firm data

These situations rarely feel “catastrophic” at first. But the downstream effects - financial, legal, and reputational - can escalate rapidly.

The cost of prevention vs. the cost of a cyber event

When firms hesitate to address  cyber  risk, cost is often the underlying concern. Budgets are real, and margins matter.

However,  it’s important to distinguish between predictable prevention costs and unpredictable incident costs.

The cost of prevention typically includes:

•   Basic security controls
•   Staff awareness and training
•   Clear internal processes
•   Appropriate insurance coverage

The role Law Office Managers play in cyber resilience

While cyber risk often sounds technical, many of the most effective controls are operational and that’s where Law Office Managers have real influence.

Areas where office managers make a meaningful impact include:

•   Onboarding and offboarding procedures
•   Password and access management
•   Vendor and third-party access controls
•   Staff awareness and communication
•   Document handling and retention practices

These processes don’t require advanced technical expertise, but they do require consistency, clarity, and follow-through.

When combined with appropriate insurance and external support, these operational controls form a practical, layered approach to cyber risk.

Cyber preparedness is about realism, not fear

Cyber risk doesn’t need to be framed as inevitable disaster. It’s about acknowledging the reality of how law firms operate today and preparing accordingly. No firm needs to be perfect. But every firm benefits from:

•   Knowing where its vulnerabilities are
•   Understanding what its insurance does and doesn’t cover
•   Having a plan for who to call and what to do if something goes wrong

In many cases, the goal isn’t to eliminate risk entirely. It’s to reduce the impact and speed recovery when incidents occur.